[email protected] (Jeremie Courreges-Anglas) writes:

> Main usability concerns:
> - CAST5 -> AES for symmetric encryption
> - MD5 sigs rejected by default
>
> I intend to commit this soon, but tests are welcome. I'm not sure
> whether the RNG bug is critical or not, but a fix for -stable is planned.
>
>
> Noteworthy changes in version 1.4.21 (2016-08-17)
> -------------------------------------------------
>
> * Fix critical security bug in the RNG [CVE-2016-6313]. An attacker
>   who obtains 580 bytes from the standard RNG can trivially predict
>   the next 20 bytes of output. Problem detected by Felix Dörre and
>   Vladimir Klebanov, KIT.
>
> * Tweak default options for gpgv.
>
> * By default do not anymore emit the GnuPG version with --armor.
>
>
> Noteworthy changes in version 1.4.20 (2015-12-20)
> -------------------------------------------------
>
> * Reject signatures made using the MD5 hash algorithm unless the
>   new option --allow-weak-digest-algos or --pgp2 are given.
>
> * New option --weak-digest to specify hash algorithms which
>   should be considered weak.
>
> * Changed default cipher for symmetric-only encryption to AES-128.
>
> * Fix for DoS when importing certain garbled secret keys.
>
> * Improved error reporting for secret subkey w/o corresponding public
>   subkey.
>
> * Improved error reporting in decryption due to wrong algorithm.
>
> * Fix cluttering of stdout with trustdb info in double verbose mode.
>
> * Pass a DBUS envvar to gpg-agent for use by gnome-keyring.
Thanks danj ... Index: Makefile =================================================================== RCS file: /cvs/ports/security/gnupg/Makefile,v retrieving revision 1.100 diff -u -p -r1.100 Makefile --- Makefile 29 Jun 2016 16:14:44 -0000 1.100 +++ Makefile 21 Aug 2016 14:17:37 -0000 @@ -2,8 +2,7 @@ COMMENT= GNU privacy guard - a free PGP replacement -DISTNAME= gnupg-1.4.19 -REVISION= 2 +DISTNAME= gnupg-1.4.21 CATEGORIES= security # restrict, not compatible with gnupg-2. Index: distinfo =================================================================== RCS file: /cvs/ports/security/gnupg/distinfo,v retrieving revision 1.29 diff -u -p -r1.29 distinfo --- distinfo 1 Mar 2015 12:12:54 -0000 1.29 +++ distinfo 21 Aug 2016 14:17:37 -0000 @@ -1,2 +1,2 @@ -SHA256 (gnupg-1.4.19.tar.gz) = Rcs01uPJqzRj/vGB1H6hxIrkcC6n6N0jlb1ddiTj5nY= -SIZE (gnupg-1.4.19.tar.gz) = 5140153 +SHA256 (gnupg-1.4.21.tar.gz) = so5ugC8I2w/IzxMM8Ufyrc7vji7+yKe76V9B5H+AoLA= +SIZE (gnupg-1.4.21.tar.gz) = 5162404 -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
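Review bot: the DISTNAME line in the Makefile hunk goes from gnupg-1.4.19 straight to gnupg-1.4.21, so the port picks up the 1.4.20 behaviour changes quoted above (MD5 signatures rejected by default, AES-128 as the default for symmetric-only encryption) together with the CVE-2016-6313 fix. Suggest stating that in the commit message, with a pointer to --allow-weak-digest-algos for users who still verify MD5-signed material, and for the planned -stable fix consider carrying only the RNG patch on top of 1.4.19 instead of this version bump. Dropping REVISION along with the bump is right.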
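Review bot: the new SHA256 line in the distinfo hunk is only as trustworthy as the tarball it was generated from, and nothing in the mail says gnupg-1.4.21.tar.gz was checked against upstream's release signature. Please confirm that before committing, since make makesum records whatever was fetched; the SIZE change from 5140153 to 5162404 is plausible for a two-release jump but is not a check on its own.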
